Overview

overview

10

Static

static

71078D7CF6...33.exe

windows7_x64

10

71078D7CF6...33.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    71078D7CF6428403D8E6298613B1D2932D16129A0E033.exe

  • Size

    222KB

  • Sample

    211107-c6mllaeben

  • MD5

    9ba09fe66a6c0f30ccc1800487e14a33

  • SHA1

    56a97a459acf4cd6403eaa174944f1d1db7957c6

  • SHA256

    71078d7cf6428403d8e6298613b1d2932d16129a0e033f0c008abd7fb194ba80

  • SHA512

    88679b1b788741d52c1a2d443fe4906231d1c7b7aa475bf1b22465d1e51001902f9d42aebc74680217cc69ecb79dbe1bad1e4962452b6416ae8071e6feb310b1

Score
10/10
njrat180721evasionpersistencesuricatatrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

180721

C2

185.222.57.203:2282

Mutex

866d16940c2b513b37047e4f825bb8ff

Attributes
  • reg_key

    866d16940c2b513b37047e4f825bb8ff

  • splitter

    |'|'|

Targets

    • Target

      71078D7CF6428403D8E6298613B1D2932D16129A0E033.exe

    • Size

      222KB

    • MD5

      9ba09fe66a6c0f30ccc1800487e14a33

    • SHA1

      56a97a459acf4cd6403eaa174944f1d1db7957c6

    • SHA256

      71078d7cf6428403d8e6298613b1d2932d16129a0e033f0c008abd7fb194ba80

    • SHA512

      88679b1b788741d52c1a2d443fe4906231d1c7b7aa475bf1b22465d1e51001902f9d42aebc74680217cc69ecb79dbe1bad1e4962452b6416ae8071e6feb310b1

    Score
    10/10
    njrat180721evasionpersistencesuricatatrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks